_xeroxz
/
Voyager
2
2
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '34cacd54a9'
${ noResults }
Voyager/Voyager/Voyager/HvLoader.h

126 lines
4.0 KiB
Raw Blame History

#pragma once
#include "PayLoad.h"
#include "Hv.h"
#include "InlineHook.h"
#include "PagingTables.h"
extern INLINE_HOOK HvLoadImageHook;
extern INLINE_HOOK HvLoadAllocImageHook;
extern INLINE_HOOK HvLoadImageBufferHook;
extern INLINE_HOOK TransferControlShitHook;
#define HV_ALLOCATE_IMAGE_BUFFER_SIG "\xE8\x00\x00\x00\x00\x8B\xF8\x85\xC0\x79\x0A"
#define HV_ALLOCATE_IMAGE_BUFFER_MASK "x????xxxxxx"
static_assert(sizeof(HV_ALLOCATE_IMAGE_BUFFER_SIG) == sizeof(HV_ALLOCATE_IMAGE_BUFFER_MASK), "signature and mask do not match size!");
#define HV_LOAD_PE_IMG_FROM_BUFFER_SIG "\xE8\x00\x00\x00\x00\x44\x8B\xAD"
#define HV_LOAD_PE_IMG_FROM_BUFFER_MASK "x????xxx"
static_assert(sizeof(HV_LOAD_PE_IMG_FROM_BUFFER_SIG) == sizeof(HV_LOAD_PE_IMG_FROM_BUFFER_MASK), "signature and mask do not match size!");
#define HV_LOAD_PE_IMG_SIG "\x48\x89\x44\x24\x00\xE8\x00\x00\x00\x00\x44\x8B\xF0\x85\xC0\x0F\x88\x00\x00\x00\x00\x4C\x8D\x45"
#define HV_LOAD_PE_IMG_MASK "xxxx?x????xxxxxxx????xxx"
static_assert(sizeof(HV_LOAD_PE_IMG_SIG) == sizeof(HV_LOAD_PE_IMG_MASK), "signature and mask do not match size...");
typedef EFI_STATUS(EFIAPI* ALLOCATE_IMAGE_BUFFER)(VOID** imageBuffer, UINTN imageSize, UINT32 memoryType,
UINT32 attributes, VOID* unused, UINT32 Value);
typedef EFI_STATUS(EFIAPI* HV_LDR_LOAD_IMAGE_BUFFER)(VOID* a1, VOID* a2, VOID* a3, VOID* a4, UINT64* ImageBase,
UINT32* ImageSize, VOID* a7, VOID* a8, VOID* a9, VOID* a10, VOID* a11, VOID* a12, VOID* a13, VOID* a14, VOID* a15);
typedef EFI_STATUS(EFIAPI* HV_LDR_LOAD_IMAGE)(VOID* DeviceId, VOID* MemoryType, CHAR16* Path, VOID** ImageBase, UINT32* ImageSize,
VOID* Hash, VOID* Flags, VOID* a8, VOID* a9, VOID* a10, VOID* a11, VOID* a12, VOID* a13);
/// <summary>
/// hook on hvloader.BlImgAllocateImageBuffer, hooked to extend the
/// allocation size....
/// </summary>
/// <param name="imageBuffer">pass by ref pointer to allocations base...</param>
/// <param name="imageSize">size of allocation...</param>
/// <param name="memoryType"></param>
/// <param name="attributes"></param>
/// <param name="unused"></param>
/// <param name="flags"></param>
/// <returns></returns>
UINT64 EFIAPI HvBlImgAllocateImageBuffer
(
VOID** imageBuffer,
UINTN imageSize,
UINT32 memoryType,
UINT32 attributes,
VOID* unused,
UINT32 Value
);
/// <summary>
/// hook on hvloader.BlImgLoadPEImageEx... hyper-v is loaded into memory
/// by this function so im hooking it to extend it/inject into it.
/// </summary>
/// <param name="DeviceId"></param>
/// <param name="MemoryType"></param>
/// <param name="Path"></param>
/// <param name="ImageBase"></param>
/// <param name="ImageSize"></param>
/// <param name="Hash"></param>
/// <param name="Flags"></param>
/// <param name="a8"></param>
/// <param name="a9"></param>
/// <param name="a10"></param>
/// <param name="a11"></param>
/// <param name="a12"></param>
/// <param name="a13"></param>
/// <returns></returns>
EFI_STATUS EFIAPI HvBlImgLoadPEImageEx
(
VOID* DeviceId,
VOID* MemoryType,
CHAR16* Path,
UINT64* ImageBase,
UINT32* ImageSize,
VOID* Hash,
VOID* Flags,
VOID* a8,
VOID* a9,
VOID* a10,
VOID* a11,
VOID* a12,
VOID* a13
);
/// <summary>
/// for some reason 1703 hvloader.BlImgLoadPEImageFromSourceBuffer is called
/// to load hyper-v into memory... Hooking this like i hook hvloader.BlImgLoadPEImageEx...
/// </summary>
/// <param name="a1"></param>
/// <param name="a2"></param>
/// <param name="a3"></param>
/// <param name="a4"></param>
/// <param name="ImageBase"></param>
/// <param name="ImageSize"></param>
/// <param name="a7"></param>
/// <param name="a8"></param>
/// <param name="a9"></param>
/// <param name="a10"></param>
/// <param name="a11"></param>
/// <param name="a12"></param>
/// <param name="a13"></param>
/// <param name="a14"></param>
/// <param name="a15"></param>
/// <returns></returns>
EFI_STATUS EFIAPI HvBlImgLoadPEImageFromSourceBuffer
(
VOID* a1,
VOID* a2,
VOID* a3,
VOID* a4,
UINT64* ImageBase,
UINT32* ImageSize,
VOID* a7,
VOID* a8,
VOID* a9,
VOID* a10,
VOID* a11,
VOID* a12,
VOID* a13,
VOID* a14,
VOID* a15
);
Reference in new issue View Git Blame Copy Permalink